streamlining user provisioning...

150 Spear Street, Suite 1400 San Francisco, CA 94105 877 979 0411 onelogin onelogin.com

Historically, organizations have used Active Directory (AD) to automate

the management of user data and security attributes for their on-

premises environments. However, AD was not designed to integrate

with cloud-based applications. Today, extending AD beyond the firewall

requires the implementation of additional, complex systems such as

Active Directory Federation Services (AD FS) or Microsoft Azure.

Further complicating this situation is when organizations want to

integrate cloud applications that either complement or augment AD’s

functionality. One example is Jive, a new generation cloud-based

application targeted at business users for social collaboration. Jive

merges the multiple communication streams within an enterprise

environment - including instant messaging, social networking, online

communities, discussion forums, RSS feeds, blogs and wikis - under a

single interface.

Creating user accounts in Jive can be a manually intensive task that

consumes valuable IT resources. Enterprises already using AD to

manage users can synchronize Jive with this existing identity repository

for streamlined, automated user account provisioning and identity

profile updates. But again, this represents a lengthy, complicated

integration effort for IT teams.

OneLogin simplifies the integration of AD and Jive by automating user

provisioning workflows. Organizations can use OneLogin for Directory

Integration, Single Sign-On and User Provisioning from AD into Jive.

This centralization of corporate identity and social profile data increases

application and data security.

S T R E A M L I N I N G U S E R P R O V I S I O N I N G W I T H I N

J I V E U S I N G A C T I V E D I R E C T O R Y


H O W D O I G E T S TA R T E D ?

STEP 1

Deploy a Connector for AD to Talk to Jive• Once a OneLogin account has been created, the network

administrator can easily add AD as a source of identity for Onelogin.

For enterprise environments deploying both Jive and AD, AD can

synchronize the organization’s existing user identities with Jive to

help speed deployment - but there are a couple of additional steps

to take before this can happen.

• To get the two directories to talk to each other, OneLogin’s zero

configuration AD Connector is deployed as a Microsoft Windows

service behind the firewall. The AD Connector maintains a secure,

outbound, persistent SSL connection to OneLogin and is used to

synchronize changes between AD and Jive. As user additions and

changes are made in AD, OneLogin ensures that records maintained

in Jive are synchronized automatically in real-time.

STEP 2

Configure SAML for Jive• From the OneLogin console, administrators can quickly configure

SAML and obtain an X.509 Public Key, which is then used by Jive to

verify the authenticity of SAML responses from OneLogin. OneLogin

uses SAML to authenticate users from AD into other applications

without requiring additional password authentication from the user.

• In many organizations, roles have become the primary method

used to assign access rights and permissions to defined groups of

employees. Roles are the key component of OneLogin and are used

to grant users access to an application. They are typically linked

to specific groups in the corporate directory and members of that

group are then granted access to the applications in OneLogin.


STEP 3

Configure Desktop SSO for Jive, Cloud and Enterprise Applications• OneLogin’s zero-configuration, out-of-the-box AD Connector

allows administrators to quickly implement single sign-on

functionality within their enterprise environment. Using digital

signatures to establish trust between OneLogin and Jive, SAML

simplifies the centralization of access control by eliminating the need

for multiple passwords.

• This improves the overall security posture of enterprise and

employee productivity. Users can further strengthen security to

prevent man-in-the-middle attacks and other password breaches

by using OneLogin’s mobile-based, out-of-band authentication

solution.

• OneLogin uses Integrated Windows Authentication (IWA) to

automatically sign users into Jive once they have authenticated to

their Windows domain. This integration gives end-users a seamless

SSO experience from their desktop for any cloud application as well

as their commonly accessed enterprise applications.

STEP 4

Fully Provision Users From AD into Jive• With SAML successfully enabled and single sign-on configured,

OneLogin can be configured to recognize AD as the single

authoritative source of identity.

• Updates within AD will be transparently synchronized with OneLogin.

OneLogin then automatically updates Jive and other cloud-

based application identities without the need for IT to manually

synchronize each directory in isolation.

• Administrators can easily create new accounts in Jive by

replicating account properties from existing accounts stored

within AD. Alternatively, the real-time synchronization provides

the administrator with an effective “kill switch” that automatically

deactivates user access to accounts in Jive by deleting or suspending

the account directly from AD.


STEP 5

Create Custom Identity Fields to Support Extended AttributesJive and AD are two solutions that give enterprises the ability to leverage

a broad set of extensible identity attributes to further define a user’s

identity. OneLogin is able to recognize these attributes via custom

fields, making it possible to support all the extended identity attributes

previously defined in Jive when synchronized with AD.

C O N C L U S I O N

Increasingly, enterprises are adopting collaboration tools such as Jive,

which is a deep repository of employee data. When integrated with

Active Directory, this data provides the organization with a broad set of

collective identity attributes.

Implementing these 5 steps eases Jive integration with AD. OneLogin’s

Jive integration accelerates enterprise deployment without the need

for manual account creation or mass identity data migration. IT’s life is

eased by leveraging the identity attributes stored in Jive, and seamlessly

flowing them into AD via OneLogin.

OneLogin reduces the risk and technical complexity of integrating Jive

with AD, while eliminating the need for any additional on-premises

hardware or software. Enterprises can now automate their user

provisioning workflows between Jive and AD, secure employee data,

simplify the employee lifecycle processes, increase compliance, and

ease both IT and HR’s workload.


A B O U T O N E L O G I N

OneLogin is the innovator in enterprise identity management and

provides the industry’s fastest, easiest and most secure solution for

managing internal and external users across all devices and applications.

The only Challenger in Gartner’s IDaaS MQ, considered a “Major Player”

in IAM by IDC, and Ranked #1 in Network World Magazine’s review of

SSO tools, OneLogin’s cloud identity management platform provides

secure single sign-on, multi-factor authentication, integration with

common directory infrastructures such as Active Directory and LDAP,

user provisioning and more. OneLogin is SAML-enabled and pre-

integrated with thousands of applications commonly used by today’s

enterprises, including Microsoft Office 365, Asure Software, BMC

Remedyforce, Coupa, Box, Clarizen, DocuSign, Dropbox, Egnyte, EMC

Syncplicity, EchoSign, Google Apps, Jive, Innotas, LotusLive, NetSuite,

Oracle CRM On-Demand, Parature, Salesforce.com, SuccessFactors,

WebEx, Workday, Yammer, ServiceNow, Zscaler and Zendesk. OneLogin,

Inc. is backed by CRV and The Social+Capital Partnership.


TRY ONELOGIN - FREE FOREVER

http://www.onelogin.com/signup/

http://www.onelogin.com/signup/

streamlining user provisioning...

Documents